CVE-2006-4978

Name of the Vulnerable Software and Affected Versions PhpQuiz versions 1.2 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved through the univers parameter in "score.php" and the quiz id parameter in "home.php", which is accessed through the "front/" URI.

Recommendations For PhpQuiz versions 1.2 and earlier, as a temporary workaround, consider restricting access to the score.php and home.php files until a patch is available. Avoid using the univers and quiz id parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.